Barriers to buying Cyber Insurance for SMEs | News | Brit

Overcoming barriers to buying Cyber Insurance for SMEs

Article in a snapshot:

    • SMEs think cyber protection isn’t worth investing in
    • “If we don’t collect sensitive data, we don’t have exposure”
    • Cyber threats affect businesses of all sizes
    • Some SMEs think cyber insurance requirements are too complex
    • Relying on an external IT provider doesn’t remove liability
    • Helping you have confident conversations with SME clients

Cyber risk is growing, but uptake among SMEs remains low. As a broker, you already know how exposed these businesses are, but convincing them to act can be another matter. 

You may be confident in placing property or liability cover, but when it comes to cyber, you might be faced with client scepticism. This article is designed as a myth-busting guide to help you respond to typical SME concerns with confidence and signpost resources that can support your conversations on the value of cyber protection for SMEs.

 

Myth: Cyber protection isn’t worth investing in

Fact: The cost of a breach usually outweighs the cost of cover

One of the most common pushbacks from SMEs is that cyber protection is a luxury rather than a necessity. The reality is that the cost of a breach usually far outweighs the price of a policy. 

Government research found that the average cost for a small business to recover from a serious breach is almost £8,000. For some, the true figure is much higher once downtime, reputational harm, and lost contracts are taken into account.

Claims data consistently shows that business interruption, ransom payments, and recovery costs can be crippling, especially when compared to the price of a cyber policy. Helping clients to understand this cost–benefit calculation is one of the simplest ways you can challenge the idea that cyber cover is unaffordable or unnecessary.

Myth: We're a small business, we're not a target

Fact: Cyber threats affect businesses of all sizes

When household names like Marks & Spencer or the Co-op suffer a breach, the headlines are hard to miss. What gets overlooked is how often attackers turn their attention to SMEs. 

AI-driven tools and phishing campaigns mean cybercriminals can cast their nets wider than ever. Smaller firms are often easier to compromise through supply chain weaknesses or social engineering. And while the ransom amounts may be lower, the impact can be far more difficult for a small business to absorb. Recovery costs such as lost revenue and disrupted operations are particularly tough when resources are already stretched. SMEs frequently hold sensitive employee or supplier data too, making them valuable targets in their own right.

Globally, SMEs now account for over 40% of cyberattacks, which makes it clear that size does not equal safety.
 

Myth: We're covered by outsourced IT providers

Fact: Relying on an external IT provider doesn’t remove liability

A client may feel that outsourcing their IT requirements removes the direct risk. It’s important to note that they still carry responsibility for customer data, contractual obligations, and day-to-day operations. Breaches can still happen due to outdated systems, supplier failure, or simply human error. 

This is where cyber insurance provides complementary protection. Cover includes access to breach response experts, help with regulatory notifications, and legal support. These are areas that most MSP contracts will not extend to. Our breach counsel resources can help you show clients how insurance steps in when IT support alone cannot.

 

Myth: If we don’t collect sensitive data, we don’t have exposure

Fact: Every business is a technology business

Many SMEs assume that if they don’t hold financial or health records, they’re safe. But almost every business now relies on digital systems: email, HR files, invoicing, or supplier communications. 

Being locked out of these systems, even temporarily, can create direct financial loss. Employee data and supplier details are also attractive to attackers, who can profit from even small-scale breaches.

Your clients need to understand that cyber risk is not just about data theft; it’s also about disruption to operations. Cyber insurance is there to protect against both.

Myth: Cyber insurance requirements are too complex

Fact: Insurer expectations are proportionate to the risk and there's support available

Another misconception is that insurers demand excessive standards. In reality, expectations are proportionate. Basic cyber hygiene such as multi-factor authentication or timely patching is generally required, but these are equivalent to locking your doors before claiming on home insurance. They are sensible, achievable measures that reduce the likelihood of loss. 

It’s important to reassure clients that insurance is still available even if their cyber maturity isn’t perfect. Cover is designed to work alongside, not replace, gradual improvements in security. Brit offer a full suite of risk management services that can help your clients raise their overall standard, covering everything from virtual CISO to security scans and phishing training. These can act as the foundations of good cyber fundamentals that SMEs can build upon.

 

Helping you have confident conversations with SME clients

Your clients understand fire, flood, and theft. Cyber can also be positioned as a risk that can disrupt operations in a very short space of time. By drawing this parallel, you can make the intangible more tangible. 

Here are some points you can use to support conversations:

  • Cyber insurance is about continuity, not just data: an attack can stop trading as quickly as a physical incident.

  • Attackers don’t discriminate: automation and AI mean every business is a potential target.

  • Supply chain risk is unavoidable: even if the breach begins elsewhere, the disruption is your client’s responsibility to manage.

  • Insurance complements IT: it can provide breach counsel, forensic expertise, and financial protection at the point of crisis.

You can also point clients to our Cyber Knowledge Hub, which offers practical resources to build awareness and resilience.


Partnering to help you overcome client hesitation towards cyber protection

As a broker, you play a vital role in guiding SMEs through an increasingly complex cyber landscape. By tackling misconceptions head-on and addressing the cyber gap, you can help clients see that cyber insurance should be considered a core part of business resilience. 

We’re here to support you with insights, resources, and specialist cover designed for SMEs. Get in touch with our cyber team and we can help you turn difficult conversations into confident ones, and make cyber insurance a standard part of your SME clients’ protection.